Blog - Page 20 of 27

Ransom Tales: Volume II – Emulating Gunra, Anubis and DevMan Ransomware

AttackIQ presents the second volume of Ransom Tales, an initiative focused on emulating the Tactics, Techniques, and Procedures (TTPs) exhibited by sophisticated and prominent ransomware families with the objective of empowering defenders to rigorously challenge their security controls and enhance resilience against disruptive and extortive threats. In this release, AttackIQ presents three new attack graphs that emulate the behaviors exhibited by the Gunra, Anubis and DevMan ransomware families.

Author: Francis Guibernau July 29, 2025 Read More

Adversary Emulation

[CISA AA25-203A] #StopRansomware: Interlock

AttackIQ has released two new attack graphs in response to the CISA Advisory (AA25-203A) published on July 22, 2025, which disseminates known Interlock ransomware Tactics, Techniques, and Procedures (TTPs) and Indicators of Compromise (IOCs) identified through FBI investigations as recently as June 2025.

July 25, 2025 Read More

Adversary Emulation

Ransom Tales: Volume I – Emulating BlackLock, Embargo, and Mamona Ransomware

AttackIQ introduces Ransom Tales, an initiative designed to emulate the Tactics, Techniques, and Procedures (TTPs) exhibited by sophisticated and prominent ransomware families with the objective of empowering defenders to rigorously challenge their security controls and enhance resilience against disruptive and extortive threats. In this release, AttackIQ presents three new attack graphs that emulate the behaviors exhibited by the BlackLock, Embargo and Mamona ransomware families.

July 22, 2025 Read More

Iran

Iranian Cyber Threat Escalation: Preparing for Asymmetric Response through Adversarial Validation Emulation

Amid rising tensions after Israeli and U.S. strikes on Iranian nuclear sites, experts warn of increased Iranian cyber retaliation. With limited conventional options, Iran is expected to rely on cyberattacks against U.S. infrastructure and defense sectors. DHS has issued alerts on threats from state-backed hackers and proxies. AttackIQ continues to help organizations test and strengthen their defenses.

June 23, 2025 Read More

Most Recent

Vulnerability Research

DeepSurface Security Advisory: LPEs in Node.js on Windows (CVE-2021-22921)

Node.js is a popular back-end JavaScript runtime environment built on the V8 engine. As part of our internal security research, we discovered numerous products in production environments installed with insecure permissions. One of these products was Node.js, and we decided to investigate further.

July 2, 2021 Read More

Breach and Attack Simulation

Purple Hats 2021: It was an Event “Brimming” with Cybersecurity Goodness

This past week, AttackIQ launched its inaugural Purple Hats Conference—where more than 3,000 cybersecurity practitioners, partners, and pros joined to collaborate, share ideas, and learn how to evolve from a reactive to proactive threat informed defense strategy.

June 24, 2021 Read More

Adversary Emulation

Put MITRE ATT&CK® to work through Workbench

For years, users struggled to put MITRE ATT&CK into practice. With the release of ATT&CK Workbench today, defenders can far better ensure that their threat intelligence is continually aligned with the public ATT&CK knowledge base. See how and why.

June 22, 2021 Read More

TTPs

10 Ways to Apply the MITRE ATT&CK Framework in Your Cybersecurity Strategy

There are a number of ways that the MITRE ATT&CK framework can be used in your cybersecurity practice. Here are 10 of the most important as laid out in the MITRE ATT&CK for Dummies eBook.

June 22, 2021 Read More

Vulnerability Research

DeepSurface Security Advisory: Local Privilege Escalation in RabbitMQ on Windows (CVE-2021-22117)

RabbitMQ is a popular open source message broker, used worldwide by companies like T-Mobile and SolarWinds. Its flexibility and speed makes it easy to integrate with other applications, such as SolarWinds Orion Platform. Since we previously reported CVE-2021-29221 against the popular programming language Erlang, we suspected RabbitMQ would be vulnerable to a similar local privilege escalation attack.

June 9, 2021 Read More

Vulnerability Research

DeepSurface Security Advisory: Local Privilege Escalation in Confluence on Windows

Atlassian Confluence Server is a popular web-based corporate content management system, allowing remote teams to collaborate efficiently on projects. With over sixty thousand customers including Docker, Linkedin, and Twilio, vulnerabilities in Confluence could have a significant impact on a large user base.

June 2, 2021 Read More

Vulnerability Research

Announcing DeepSurface 2.2!

Today, we’re excited to announce the release of DeepSurface 2.2! Release 2.2 brings some exciting new features and changes in the form of tags and some UI/UX updates that make the product even easier to use.

June 1, 2021 Read More

Cybersecurity Education

Building a Stronger Community for Threat Informed Defense

AttackIQ Launches Partner Academy Understanding attacker behavior while simultaneously becoming proactive defenders is critical in…

May 25, 2021 Read More

Breach and Attack Simulation

Risky Business #624 — AttackIQ’s Mark Bagley and Jonathan Reiber talk with Patrick Gray of Risky Biz about how to solve the ransomware problem

May 19, 2021 Read More

Breach and Attack Simulation

Join CSAA Insurance Group CISO Marlys Rodgers for a conversation about the strategic benefits of automated Breach and Attack Simulation (BAS) and security optimization.

May 5, 2021 Read More

Breach and Attack Simulation

Cyber Criminals Target “Weakest Link” in the Supply Chain as European Firms Accelerate Digitisation Strategies

April 30, 2021 Read More

Vulnerability Research

Announcing DeepSurface 2.1!

We’re thrilled to announce DeepSurface 2.1, an improvement on DeepSurface 2.0 that makes it even easier to use. We’ve reorganized some things, added different nomenclature for increased efficiencies allowing you discover and remediate risk even faster.

April 30, 2021 Read More